When we install software on our computers, we have to trust the package maintainers that it's secure.
If someone slips a hack into Homebrew, all of our machines could become vulnerable.
But what about our own code?
* When we deploy to production, how do we know we can trust it?
* What if someone pushes a hack to our GitHub?
* Will CI still push it to production?
It turns out Git has a cool feature that can help us trust the code we deploy. We'll discuss Git Commit Signing, how it can help us, and what downsides it may have.
Talk given at the London Ruby User Group (LRUG) at Skills Matter in London on Monday 12th February 2018.